Profound is on a mission to help companies understand and control their AI presence. As enterprises integrate AI into critical workflows, they need to trust that the platforms they rely on are secure, compliant, and resilient. That's where you come in.
We're hiring a Security Engineer to own Profound's security posture across our platform, infrastructure, and corporate environment. You'll be the first dedicated security hire, which means you'll shape how we approach access control, vulnerability management, compliance, and incident response from the ground up. You'll partner closely with our Engineering and Infrastructure teams to build practical, scalable security systems that protect customer data and enable rapid growth.
This role is ideal for someone who sees security as a business accelerator, not a blocker, and who thrives on building rather than auditing.
What you'll do
In your first 90 days, you'll focus on our most pressing priorities: partnering with our Infrastructure team to harden our AWS environment, driving SOC 2 Type II continuous compliance (defining controls and closing gaps), and integrating security scanning into our CI/CD pipelines.
Over time, you'll take on broader responsibility across our security posture:
Enforce least-privilege access controls and conduct regular access reviews across environments
Build and run a vulnerability management program spanning infrastructure, applications, and dependencies
Triage and respond to security findings from automated tooling, bug bounty programs, and third-party assessments
Partner with Infrastructure to implement detection and monitoring capabilities using log aggregation and SIEM tooling
Conduct risk assessments, maintain a risk register, and drive prioritization decisions
Build security policies and procedures that reflect how we actually operate
Lead post-incident reviews and drive systemic improvements
Must have
5+ years in security engineering, with experience in high-growth SaaS or infrastructure-heavy environments
Hands-on experience building or maintaining a SOC 2 compliance program
Strong knowledge of AWS security services and cloud security architecture (IAM, VPC, CloudTrail, GuardDuty, Security Hub)
Deep understanding of identity and authentication protocols (OAuth, SAML, OIDC)
Practical scripting skills in Python or Bash for automating security workflows
Strong plus
Experience integrating vulnerability management and security scanning (SAST, DAST, SCA, container scanning) into CI/CD workflows
Familiarity with network security fundamentals (firewalls, DNS, VPNs, segmentation, traffic analysis)
Experience with infrastructure-as-code security (Terraform, CloudFormation)
Background in penetration testing, application security assessments, or CTF competitions
Familiarity with data infrastructure security for systems like ClickHouse or PostgreSQL
Experience with data processing compliance in analytics-heavy environments
Relevant certifications (CISSP, CCSP, AWS Security Specialty, or similar)
Who you are
Clear communicator who can translate security risks into business terms for engineering, leadership, and customer-facing teams
Systems thinker who reasons about root causes, blast radius, and scalable control design
Self-directed with strong judgment and comfort operating with significant autonomy
Motivated by building the security foundation for a category-defining AI company
Compensation
For this role, the expected base salary range is $200,000 to $250,000 (NYC). Profound's total compensation package includes base salary, equity, and a full range of benefits and perks. Final compensation depends on skills, experience, qualifications, and location, and will be determined during the interview process. Our recruiting team will share more details about the full package as you move through hiring.
#LI-PRO